[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Default IKE and IPSec Proposals

The software includes implicit default IKE and IPSec proposals to match the proposals sent by the dynamic peers. The values are shown in Table 14; if more than one value is shown, the first value is the default. For more information on IKE proposals, see Configuring an IKE Proposal; for more information on IPSec proposals, see Configuring an IPSec Proposal.

Note: RSA certificates are not supported with dynamic endpoint configuration.

Table 14: Default IKE and IPSec Proposals for Dynamic Negotiations

Statement Name	Values
Implicit IKE Proposal
authentication-method	pre-shared keys
dh-group	group1, group2
authentication-algorithm	sha1, md5, sha-256
encryption-algorithm	3des-cbc, des-cbc, aes-128, aes-192, aes-256
lifetime-seconds	3600 seconds
Implicit IPSec Proposal
protocol	esp, ah, bundle
authentication-algorithm	hmac-sha1-96, hmac-md5-96
encryption-algorithm	3des-cbc, des-cbc, aes-128, aes-192, aes-256
lifetime-seconds	28,800 seconds (8 hours)

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]